2.6 billion records exposed in 2,308 disclosed data breaches in H1

According to a report from cyber threat intelligence firm Risk Based Security, some 2.6 billion data records were exposed in data breaches in the first half of 2018.

According to a new report titled “Mid-Year 2018 Data Breach QuickView”, published by the cyber threat intelligence company Risk Based Security, some 2.6 billion data records were exposed in the first half of 2018.

This amazing figure is the result of 2,308 publicly disclosed data breaches. Even so, it represents a drop from the 6 billion data records exposed in 2,439 breaches reported for the first half of 2017.

Five breaches exposed more than 100 million records each. The biggest data breach reported this year was the one suffered by India’s biometric database Aadhaar, which exposed 1.19 billion records.

“2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. 2018 is remarkable in that the number of publicly disclosed breaches appears to be leveling off while the number of records exposed remains stubbornly high,” declared Inga Goddijn, Executive Vice President for Risk Based Security.

“It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”

The most affected sector is business (40%), followed by healthcare (8.3%), government (8.2%), and education (4.5%). A further 40% of the organizations were not classified in the report, which is not a negligible percentage.

Experts observed a significant drop in the number of data breaches in the first quarter, but in the second quarter the number of incidents returned to a more “normal” pace.

Phishing remains the most popular attack method to harvest credentials; the stolen credentials are then used to gain access to systems or services in successive attacks.

Looking at the breach types, the highest share of records is related to hacking (54.6%) followed by fraud (47.5%).

The pace of vulnerabilities reported this year has overtaken that of the previous year. In many cases the root cause of the data breaches was the exploitation of these flaws in unpatched systems.

The data breach landscape was influenced by the introduction of the GDPR in May. Under the European regulation, affected companies are obliged to disclose an incident within 72 hours.

“There are a lot of moving parts to an effective information security program and certainly patch management is one of the trickier components to tackle. That said, tried and true social engineering techniques combined with the ability to take advantage of unpatched weaknesses are some of the most effective tools malicious actors can use. That means defending against activities like phishing and solid vulnerability management go hand in hand when it comes to stopping hackers,” added Ms Goddijn.

“While we expect hacking to remain the leading cause of data loss, we can’t lose sight of the damage that can come from accidental exposure. Misconfigured services, exposed S3 buckets and even improper email handling have led to more than their fair share of recent breaches. This type of data loss is easily prevented and protecting against it is nearly entirely within the organization’s control. It shouldn’t be overlooked in the quest to prevent external attacks,”


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine, and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
